Two Factor Authentication with Authentication Objects

1. A computer-implemented method, comprising: under the control of one or more computer systems configured with executable instructions, determining a first device configured to provide authentication information for an authentication claim sufficient to authenticate an identity with a service provider system; obtaining, from the first device, authentication information; as a result of obtaining the authentication information from the first device, providing a graphical user interface that makes available for selection, on a second device, a plurality of graphical representations of sets of actions for authenticating with corresponding service provider systems, the plurality of graphical representations comprising a graphical representation that represents a set of actions for authenticating the identity with the service provider system; receiving, from a user input device associated with the second device, user input indicating a user selection of the graphical representation from the plurality of graphical representations and a request to authenticate with the service provider system; and as a result of receiving the user input indicating the selection, performing the set of actions by at least: obtaining the authentication claim, the authentication claim based at least in part on the authentication information from the first device; and providing the obtained authentication claim to the service provider system so that the service provider system authenticates the identity using the authentication claim.

2. The computer-implemented method of claim 1 , wherein the computer-implemented method further includes, as a result of receiving the user input indicating the selection, obtaining, from the first device, a cryptographically verifiable attestation to a state of a computing environment associated with the first device.

3. The computer-implemented method of claim 2 , wherein obtaining the cryptographically verifiable attestation to the state of the computing environment associated with the first device further includes capturing, with one or more sensors of the first computing device, information corresponding to the state of the computing environment associated with the first device.

4. The computer-implemented method of claim 1 , wherein obtaining the authentication claim includes generating the authentication claim based at least in part on the obtained authentication information.

5. A system, comprising: one or more computing devices including a processor and memory, the memory including executable instructions that, when executed by the one or more processors, cause the system to: provide a set of representations of authentication claims for selection via an interface of a first computing device of the one or more computing devices, the set of representations including a representation of an authentication claim that corresponds to a set of actions performable to provide a confirmation to a service provider system; receive information encoding a selection, by a user operating the first computing device, of a representation from the set of representations provided via the interface; receive authentication information associated with a second computing device of the one or more computing devices; for the selected representation, generate the authentication claim corresponding to the selected representation based at least in part on the received authentication information; and provide the authentication claim to facilitate performance of an operation involving interaction with the service provider system.

6. The system of claim 5 , wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to determine the operation of at least one of the one or more computing devices further requires authentication with the service provider system.

7. The system of claim 5 , wherein the first computing device performs the set of actions corresponding to the selected representation to obtain the authentication claim.

8. The system of claim 5 , wherein the second computing device provides the obtained authentication claim to the first computing device using short-range communications.

9. The system of claim 5 , wherein the set of actions includes capturing information corresponding to a physical environment associated with the second computing device using one or more sensors of the system.

10. The system of claim 9 , wherein capturing information corresponding to the physical environment includes capturing one or more images of at least a portion of a user operating the second computing device.

11. The system of claim 5 , wherein the set of actions includes obtaining an attestation to a state of a computing environment associated with the second computing device.

12. The system of claim 11 , wherein the attestation to the state of the computing environment associated with the second computing device is cryptographically verifiable.

13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a first computer system, cause the first computer system to at least: obtain an attestation to a state of a computing environment associated with a second computer system corresponding to a request for additional authentication information, the attestation obtained as a result of an input received through a user interface of the second computer system; cause, based at least in part on the attestation, a graphical user interface to be displayed such that the graphical user interface makes available for selection a plurality of graphical representations of authentication claims, the plurality of graphical representations associated with a representation of an authentication claim corresponding to a set of actions for authenticating an identity of a user with a service provider system; obtain the authentication claim based at least in part on a selection of at least one of the plurality of graphical representations of authentication claims received through the graphical user interface; and access one or more services of a service provider system based at least in part on the authentication claim.

14. The non-transitory computer-readable storage medium of claim 13 , wherein: the request for additional authentication information includes prompting the second computer system to display an indication of one or more user actions to perform in order to confirm an operation of the first computer system; and the attestation includes an indication corresponding to the one or more user actions performed via an interface of the second computer system.

15. The non-transitory computer-readable storage medium of claim 14 , wherein the instructions that cause the first computer system to prompt the second computer system to display the indication further comprise instructions that, when executed by the one or more processors, cause the second computer system to output a pattern of light detectable by one or more sensors of the second computer system.

16. The non-transitory computer-readable storage medium of claim 13 , wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the first computer system to provide the attestation and the authentication claim to a service provider computer system such that the attestation and authentication claim enable the first computer system to access a service of the service provider computer system.

17. The non-transitory computer-readable storage medium of claim 13 , wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the first computer system to generate the authentication claim to include information contained in the attestation.

18. The non-transitory computer-readable storage medium of claim 13 , wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the first computer system to: receive, from the service provider system, an indication that additional authentication information is required to complete one or more operations attempted by the first computer system; and determine the second computer system capable of providing additional authentication information in order to transmit the request to the second computer system.

19. The non-transitory computer-readable storage medium of claim 13 , wherein the attestation includes data obtain information from one or more sensors of the second computer system corresponding to the state of the computing environment associated with the first computer system.

20. The non-transitory computer-readable storage medium of claim 19 , wherein the attestation includes biometric information obtained from the one or more sensors of the second computer system.